# encoding: utf-8

class MembersController < ApplicationController
  
  before_filter :require_login, :except => :show
  before_filter :allow_self_only, :only => [:edit, :update, :edit_avatar, :update_avatar]
  
  def show
    @member = Member.find( params[:id])  
  end
  
  def allow_self_only
    if( params[:id] != current_member.id.to_s and not current_member.is_admin? )
      redirect_to root_url
    end
  end
  
  def home
    @my_groups = current_member.groups
    @feeds = Feed.where("member_id != ? AND (group_id IS NULL OR group_id IN (?) )",current_member.id, current_member.group_ids).order("created_at DESC")
    @feeds = @feeds[0..20]
  end
  
  def index
    @members = Member.order("membership_id").all
  end
  
  def edit
    @member = Member.find( params[:id] )
    @memberships = Membership.all
    @permissions = Permission.all
  end
  
  def update
    @member = Member.find( params[:id] )
    @memberships = Membership.all
    @permissions = Permission.all
    
    #zastita od falsificiranja obrazaca
    unless current_member.is_admin?
      params[:member][:permission_id] = @member.permission.id 
      params[:member][:membership_id] = @member.membership.id
    end
    
    @member.update_attributes( params[:member] )
    
    flash[:notice] = "Novi podaci su spremljeni!"
    render :action => :edit
    
  end
  
  def edit_avatar
    
  end
  
  def update_avatar
    directory = "public/images/avatars/"
    
    #flash[:notice] = "Uploaded!"
    render :action => :edit_avatar
  end
  
  def destroy
  	member = Member.find( params[:id] )
  	member.delete
  	
  	redirect_to members_path
  end
    
end
